Monthly Archives: December 2018

7 Reasons Why IT Projects Fail

Projects frequently fail in businesses. Here are seven common reasons why IT projects fail and how you can avoid these pitfalls.

Having projects that fail is common in businesses. In one 2018 study, the Project Management Institute surveyed more than 5,500 companies and found that 15% of the projects they started failed. And these failures were costly — 9.9% of every dollar invested was wasted due to poor project performance.

Learning from other teams’ mistakes is one way to avoid failed projects. Here are seven common reasons why IT projects fail and how you can avoid making the same mistakes:

  1. Undefined Deliverables

While most project teams define the objectives for their IT projects, some teams do not define the projects’ deliverables. A common reason for this oversight is the belief that objectives and deliverables are referring to the same thing.

While objectives and deliverables are closely related, they are not synonymous. The objective describes what a team plans to accomplish with its project. Deliverables are things (e.g., reports, plans, processes, products) that the team will produce to enable the objective to be achieved. For example, suppose a project’s objective is to replace old printers with ones that will better meet the business’s needs. The deliverables might include a report detailing current and projected printer usage needs, an analysis determining whether it is best to buy or lease the printers, evaluations of at least three printer suppliers, a signed contract, installation of the printers, a training program for employees on how to use the new printers, and so on. A larger project might need separate objectives and deliverables for each phase in it.

Because deliverables often build on each other, they provide a roadmap that the team can follow to achieve the project’s objective. Deliverables also help the team more accurately estimate the time, resources, and funding needed to complete it.

  2. IT Project Too Large

Tackling IT projects that are too large in scope is a common reason why they fail. Large projects require large amounts of time, money, and resources to complete — all of which might be in short supply, especially in small and midsized businesses.

Projects with smaller scopes are typically more manageable and have a greater chance of success. So, for example, instead of undertaking a project to create a set of IT policies, it is better to narrow the scope by having the team create just the acceptable use policy. When that project is done, the team can then tackle the privacy policy, and so on.

It is important to note that an IT project might start out with a manageable scope, but then “scope creep” sets in. For instance, if a team is working on developing an intranet site for employees, having an ever-growing list of “must-have” and “nice-to-have” features might expand the project’s scope to the point where it is unmanageable. While changes to a project’s scope are sometimes necessary, they should be kept to a minimum. Significant changes might require the team to revise its deliverables, schedule, and budget.

  3. Unrealistic Schedules and Budgets

Sometimes, teams do not realize how much time or money will be required to complete IT projects. Other times, they are simply too optimistic.

Not taking the time to get accurate estimates of how much time and money a project will require can result in projects being late and over budget. Even worse, it could lead to poor-quality deliverables. If a project’s schedule is unrealistic, people might rush to get things done or take shortcuts. Similarly, people might cut corners if a project’s budget is too small.

Having well-defined deliverables will help in the creation of realistic schedules and budgets. It’s important to build in a little extra time and money, though, in case any surprises pop up.

  4. Not Involving the Right People

An IT project can run into trouble if the people involved do not have the necessary skills and knowledge. For example, having a technician head a project because he is knowledgeable in the project area can lead to failure if that person has no experience in managing projects or teams. Conversely, if no one on the team is knowledgeable about the latest IT technologies, the team might not consider a technology that could potentially be a good fit for the company.

It is important to make sure that each person involved in the project is capable of completing their assigned role. It is also important to make sure that at least one person on the team has sufficient IT knowledge in the project area. If no one in the company has the necessary know-how, the team should consider bringing in an outside expert.

  5. No Central Repository for Communications

For a project team to be successful, its members must be able to communicate effectively with each other and with other people inside their companies. To do so, they need good communication skills as well as effective communication tools.

Besides holding team meetings, project team members often use email to communicate with each other. While this is an effective tool, the emails are stored in the members’ inboxes, making it hard for other people (e.g., a new team member) to access the information discussed in them. Plus, if a team member forgets to copy the entire team on an email, some people might be inadvertently kept out of the loop.

A better approach is to have a central repository for project communications. This could be as simple as having project members store copies of their project-related emails in a shared folder on the company’s network. Ideally, though, teams should use collaboration software that enables them to communicate and collaborate with each other and that stores their communications and work in a central location.

  6. Not Monitoring and Tracking Progress

It is important to monitor and track a project’s progress in terms of deliverables met, costs, and schedule. If a team fails to do so, a small glitch could turn into a big problem later on.

While manually monitoring and tracking a project is possible, it would be time-consuming. A better solution is to use project management software. That way, the team will always know exactly where the project stands and how much time and money has been spent on it thus far.

  7. Not Enough Testing

IT projects often include deliverables such as IT systems and IT products. Failure to thoroughly test these types of deliverables can result in their failure once they are implemented.

The team should not wait until the end of the project to conduct the tests. Testing needs to start early and be done often. This will allow small problems to be fixed before they grow into significant problems that will take much more time and money to fix.

 


Two PHP Versions Are Being Terminated, Putting Millions of Websites at Risk

In December 2018, PHP 7.0 and 5.6 are reaching the end of their lifecycles. Find out what PHP is and why it is so important to upgrade it.

Even though you might not have heard of PHP, you probably have seen it in action. Websites use this coding language to dynamically generate web pages, retrieve the data people enter into web forms, and perform numerous other tasks. Almost 80% of websites use PHP because it is quick, works well on sites of any size, and is open source. However, most of these websites are using versions that will soon become a security liability.

In December 2018, two PHP versions are reaching the end of their lifecycles, which means security updates will no longer be issued for them. Here are the dates to remember:

  • On December 3, PHP 7.0 is being terminated.
  • On December 31, PHP 5.6 is reaching the end of its lifecycle. The security support for this version was extended an extra year due to its popularity. More than 40% of websites use PHP 5.6. There are currently around 200 million active websites, so about 80 million of them are using PHP 5.6.

Note that PHP went directly from version 5.6 to version 7.0. There was never an official release of PHP 6.

Why It Is Important to Upgrade

WordPress, Joomla, Drupal, and other content management systems (CMSs) use PHP, so your business’s website might be using PHP without you realizing it. If your site is using PHP 5.6 or 7.0, you should upgrade it to a more recent version as soon as possible. At the time of this writing, PHP 7.2 is the most current version, with PHP 7.3 scheduled for release sometime in December 2018.

Upgrading is important. If your website is using PHP 5.6 or 7.0, it will be more vulnerable to new attack vectors because security updates will no longer be issued for these PHP versions. To make matters worse, hackers often keep track of when versions of popular technologies like PHP reach the end of their lifecycles. Once that day arrives, they intentionally launch new attacks that target the unsupported technology.

Besides being more secure, your website will also be faster if you upgrade, thanks to performance enhancements in the newer versions. For example, PHP 7.2 runs 20% faster than version 7.0 and 260% faster than PHP 5.6, according to Phoronix.

What to Do

Upgrading to a newer version of PHP is not always an easy task, which could explain why so many websites are using older versions. There are several reasons why an upgrade might be complex.

For starters, PHP is a server-side coding language, which means it runs at the server level. So, you need to make sure your hosting provider or your web server is running the PHP version you want to use. If you have a hosting provider and it does not support the desired PHP version, you will need to ask them to do so. If they refuse, you might consider switching to a provider that does offer it. If you have a web server and it is not running the desired PHP version, the PHP software will need to be updated.

You also need to make sure that your website’s software is compatible with the desired PHP version. This includes not only the CMS software but also other programs, such as plugins, themes, extensions, and templates. Any noncompatible software will need to be upgraded. If the software developer does not support the PHP version you want to use, you will need to ask them to update the software or switch to a program that does support it.

Finally, while configuring a website to use the desired PHP version is just a matter of selecting it in the appropriate spot in the site’s settings, the site needs to be thoroughly tested afterward to make sure it runs smoothly. It is essential to have a backup of the site before the upgrade in the event there are significant problems encountered during or after the update.

Don’t Let Your Business’s Website Become an Easy Target for Hackers

Upgrading to a newer PHP version can be a lot of work, but we can handle the hassle for you. That way, your website won’t become an easy target for hackers.

Why Cryptojacking Is More Dangerous Than Many Businesses Realize

Compared to ransomware or data breaches, cryptojacking might seem like a minor annoyance. Learn how it is changing and what you can do to guard against it.

Cryptojacking might not seem as dangerous as ransomware or data breaches since cybercriminals are stealing a computer’s processing power rather than money or data. However, companies that dismiss this threat might be putting their businesses at risk. Cryptojacking malware is becoming increasingly sophisticated, which could spell trouble for companies unprepared for it.

The Changing Face of Cryptojacking

Cryptojacking was born from people’s need for more computing power so they could mine (aka earn) cryptocurrencies such as Bitcoin and Monero. These “miners” typically used website scripts that siphoned processing power from a visitor’s computer, without that individual’s knowledge or consent. When the person left the site, the siphoning stopped.

It wasn’t long before cybercriminals started using these scripts to get computing power for their exploits. Sometimes, they added these scripts to their own malicious web pages. Other times, they hacked into legitimate sites and inserted the scripts there.

Since cybercriminals have entered the scene, cryptojacking malware has become more sophisticated. In addition, the hackers are becoming more creative in ways to deliver it.

Take, for example, the cryptojacking malware known as PowerGhost. When it was first discovered in July 2018, Kaspersky Lab researchers found that cybercriminals used phishing emails to gain initial access to a computer. Once the machine was infected, the malware used credential-stealing and remote-administration tools to spread itself to other machines in the local network. To make matters worse, some newer versions of PowerGhost have the ability to disable antivirus programs such as Windows Defender.

Another sophisticated program is PyRoMine, which Fortinet researchers found in April 2018. Besides stealing processing power, it creates a backdoor account with administrator-level privileges, enables the Remote Desktop Protocol (RDP), opens the RDP port in the Windows Firewall, and makes several other system changes so that the cybercriminals can remotely access the computer at a later time. The program even configures the Windows Remote Management Service to allow the transfer of unencrypted data.

As PowerGhost and PyRoMine illustrate, cryptojacking malware can create footholds in computers that hackers can later exploit. They could, for example, use these footholds to infect the computers with a different kind of malicious program, such as ransomware.

This might already be taking place. Companies infected by cryptojacking malware were found to have a larger number of other types of malware infections compared to businesses that did not experience any cryptojacking attacks, according to Fortinet’s “Quarterly Threat Landscape Report” for Q3 2018. However, this is only circumstantial evidence that cryptojacking leads to other malware attacks, which the Fortinet researchers acknowledged. They noted, “We attempted to establish a definitive causal relationship, and while those tests showed statistically significant results, they fell short of the burden of proof needed for a guilty conviction.” The researchers are planning to further explore this relationship in future reports.

How to Guard against Cryptojacking

In the past, you just had to prevent malicious scripts from running in web browsers to guard against cryptojacking. Nowadays, a more widescale approach is needed, including:

  • Making sure that computers’ operating system software and apps are updated so that known security vulnerabilities are patched. Both PowerGhost and PyRoMine exploit unpatched security vulnerabilities in Windows operating system software to create their footholds.
  • Making sure your security software is up-to-date. This can help guard against known cryptojacking code. It can also help protect computers from other types of malware that might be installed through footholds created by cryptojacking malware.
  • Educating employees about phishing emails and unsafe web browsing habits. As PowerGhost demonstrates, phishing emails can be used to gain initial access to a computer. So, employees need to know the dangers associated with clicking links in emails and opening files attached to them. Similarly, they should be taught about unsafe browsing habits, such as clicking links without knowing where they lead and visiting questionable websites.
  • Using ad or script blockers in web browsers to prevent malicious scripts from loading. There are also third-party tools available that are designed specifically for blocking cryptojacking scripts.
  • Inspecting your website. If your business hosts a website, you might want to make sure that hackers have not placed a cryptojacking script on it.

There are also other measures you can take, such as monitoring your computer systems and network for unusual activity. We can evaluate your business and provide specific recommendations on how to defend against cryptojacking and other types of malware.

Find Out Whether You Are a Data Breach Victim in a Minute or Less

Mozilla has introduced Firefox Monitor, a free tool that you can use to see if your email address has been compromised in any data breaches. Discover how simple it is to use this tool.

Anyone can use this free tool to see whether their email address has been compromised in any publicly known data breaches. If so, details about that data breach are included, such as when it occurred and the types of personal data exposed.

Mozilla partnered with Troy Hunt, who runs the “Have I Been Pwned?” website, to create this tool. Hunt is providing the database against which entered email addresses are checked. The database contains more than 5.5 billion email addresses that have been exposed through real-life data breaches. It is updated regularly.

When you use the tool, your email address and privacy are protected by means of a data anonymization technique known as k-anonymity. Your email address is not saved unless you specifically allow it.
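How a k-anonymity lookup keeps the address private, as an added example that is not Mozilla's or Have I Been Pwned's code: the client hashes the address, sends only the first few characters of the hash, and compares the returned candidates locally. The hash function (SHA-1), the prefix length, the `RangeServer` class and all addresses are assumptions constructed for illustration.

```python
import hashlib


def email_hash(email):
    """SHA-1 of the normalised address as upper-case hex (hash choice is an assumption)."""
    return hashlib.sha1(email.strip().lower().encode("utf-8")).hexdigest().upper()


class RangeServer:
    """Hypothetical stand-in for the breach database; it only receives hash prefixes."""

    def __init__(self, breached, prefix_len):
        self.prefix_len = prefix_len
        self.buckets = {}        # prefix -> {suffix: [breach names]}
        self.seen_queries = []   # everything the server learns from clients
        for email, breaches in breached.items():
            h = email_hash(email)
            self.buckets.setdefault(h[:prefix_len], {})[h[prefix_len:]] = breaches

    def range_query(self, prefix):
        if len(prefix) != self.prefix_len:
            raise ValueError("unexpected prefix length")
        self.seen_queries.append(prefix)
        return dict(self.buckets.get(prefix, {}))


def check_email(email, server):
    """Return (breaches for this address, size of the anonymity set returned)."""
    h = email_hash(email)
    prefix, suffix = h[:server.prefix_len], h[server.prefix_len:]
    candidates = server.range_query(prefix)       # only the prefix leaves the client
    return candidates.get(suffix, []), len(candidates)   # comparison happens locally


def build_demo_server(prefix_len=2):
    """Constructed data: 5,000 made-up addresses; a short prefix keeps buckets visibly full."""
    breached = {f"user{i}@example.test": ["ConstructedBreach"] for i in range(5000)}
    breached["alice@example.test"] = ["ConstructedBreach", "OtherConstructedBreach"]
    return RangeServer(breached, prefix_len)


if __name__ == "__main__":
    server = build_demo_server()
    for addr in ("alice@example.test", "nobody@example.test"):
        hits, bucket = check_email(addr, server)
        print(addr, "->", hits or "not found", f"(hidden among {bucket} hashes)")
    print("server saw only:", server.seen_queries)
```

The server cannot tell which of the hashes sharing a prefix the client was asking about, or whether the address was in the database at all.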


How to Use the Tool

Using Firefox Monitor is quick and easy. To find out whether your email address has been compromised, you just need to:

  1. Go to https://monitor.firefox.com/.
  2. Enter your email address.
  3. Click the “Scan” button.

You will then see the results. You have the option of signing up for the free Firefox Monitor service. If you subscribe to this service, Mozilla will check your email address against those exposed in any newly reported data breaches and will notify you by email if it was compromised. When you sign up for this service, Mozilla stores your email address. (If you just use the tool, Mozilla does not save it.)


What to Do If Your Email Has Been Breached

If Firefox Monitor reports that your email address has been compromised in a data breach, you should take steps to protect yourself. A good starting point is to:

  • Change your password for that account. Make sure it is strong and unique.
  • Change your security questions and answers (Q&As) if you set them. Giving incorrect or nonsensical answers is best. If you do not feel comfortable doing this, be sure to select questions whose answers are not easily found on social media sites or through web searches.
  • Make sure you did not use the same email address-password combination for other accounts. If you did, change those passwords and Q&As as well.
  • Consider using two-factor authentication, especially for financial accounts. Many websites now offer this feature.

Contact us if you have any questions or specific concerns.